Leading US healthcare organization implements least privilege on over 20,000 devices

The healthcare provider protects information and devices using CyberArk Endpoint Privilege Manager


Company profile

Of all the information that might tempt malicious attacks, personal healthcare records probably rank near the top of the list. Should any such data be compromised, the implications — including impact on individuals, financial loss and reputational damage to an organization — are significant.

That is why this healthcare organization devotes considerable time, effort and expertise to ensure its data is secure. The entity is both a healthcare provider and education institution, with patients accessing a wide variety of services via primary and specialty care offices in multiple locations.


Increasing Number of Attacks

The number of attacks on public organizations, especially in healthcare, continues to increase, as does the financial cost and disruption to operations. Across its environment, this organization has almost 20,000 desktops, laptops and mobile devices. These endpoints pose a challenge for any security manager, especially in a healthcare setting: Devices have multiple users, and physical security is sometimes not as strong as in other facilities because of the need to grant freedom of access to the public.

Although there had always been rigor around managing privileged access, one particularly pressing issue the entity faced was the growing number of users granted elevated access rights beyond those required to just perform their current roles. Some longer-tenured staff members even had administrative rights to multiple machines spread throughout the environment.


CyberArk Granular Controls Empower Users

The healthcare provider had investigated several different products for managing privileged access on endpoints but finally chose CyberArk. The director of client services recalled, “When we came across CyberArk and met the CyberArk team, we fell in love with the solution. Not only did it solve the issues we were facing around local administrator privileges, but it also had the granular controls that empower users to make administrative actions with the necessary guardrails to keep everything safe.”

There is a fine line between security and preserving user freedom. Having responsibility for supporting the IT needs of the organization’s front-facing clinical teams, the director has a passion for making life as easy as possible. Stopping the need for a busy doctor or nurse making just one support call is a huge win for everybody. However, this needs to be done in the context of never compromising the overall integrity of the environment.

The IT team’s initial exposure to CyberArk demonstrated the platform’s breadth of capabilities, especially the ability to empower users while also ensuring endpoint integrity.

“There is a clear focus on security, but it is balanced with the inherent flexibility to accomplish everyday tasks, like enabling end users to make simple changes without needing administrator privileges. Unlike some of its competitors, CyberArk is not a ‘bare bones’ privileged access management solution; it enables us to do a whole lot more.”

-Director of Client Services, Major Healthcare Provider

In a phased approach, CyberArk Endpoint Privilege Manager was deployed to administration workstations and laptops and in clinical areas where there are shared workstations such as computers in exam rooms and nursing stations. CyberArk professional services expedited the rollout. The organization’s information systems supervisor noted, “The CyberArk consultant was superb; very knowledgeable and able to quickly answer all our questions. Some users did not even realize they’d had CyberArk installed on their system; it was that smooth.”

Privileged access management represented the first deployment phase across numerous endpoints, as these encompass the organization’s largest attack surface. The next stage will focus on the server environment.


For CyberArk, Every Client is Unique

The director voiced appreciation for the depth and breadth of the partnership with CyberArk, citing how the company tailored the deployment to match their specific requirements. “It is always challenging for the companies we deal with to fully understand the complexity of our environment. The charter of our organization positions us where the healthcare and education verticals converge. CyberArk really understands this dual profile and has a great awareness of our unique needs.”

Key benefits

  • Helps protect critical healthcare data such as patient records
  • Delivers a flexible endpoint protection solution that balances security with ease of access
  • Builds a partnership based on understanding the unique needs of a merged healthcare and education environment

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey